Posts Tagged ‘hacking’

So it seems that eBay is the latest in a long line of high-profile web sites of well-known companies to be hit by a hacker attack.

From memory, we’ve recently had Sony and its PlayStation network as well as several online gaming forums being attacked. In my opinion this just shows how vulnerable online data is. If you use cloud storage for example, you’ll know that all you need to log in to your user account is a username and a password. Now a username can be something like your email address, and how secure is your password really? Is it a long complex string that mixes alphabetic, numeric and other characters like ‘LFKGjsdjg3293@£$sdhfj’ for example, or is it something like ‘pencil’?

There are applications called brute force programs (see Wikipedia link – http://en.wikipedia.org/wiki/Password_cracking) that will continually bombard the web site pages where login details are entered in an attempt to gain access to the system. A brute force program is able to attempt an unlimited number of combinations in order to gain access. It all takes time, but brute force programs can try thousands of combinations a second. Scary, isn’t it?

One of the most common passwords is the simple string ‘123456’. People will choose obvious passwords because they are easy to remember, but easy-to-remember passwords are also easy to break. 123456 became so popular and easy to break that in 2011 Microsoft banned its users from using it as a password. So if you do use online services like cloud storage or eBay – make sure your passwords are secure and difficult to break.
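The gap between ‘123456’, ‘pencil’ and the long mixed string above can be put in numbers. The Python sketch below is an added example, not part of the original post; the denylist contents, the 5,000 guesses-per-second rate and the 12-character minimum are assumptions chosen for illustration.

```python
import string

# Constructed sample denylist ('123456' and 'pencil' are the post's examples);
# a real deployment would load a large list of known-common passwords.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "pencil", "letmein"}

# Assumption: the post only says "thousands of combinations a second".
GUESSES_PER_SECOND = 5000
CENTURY_SECONDS = 100 * 365 * 24 * 3600


def alphabet_size(password: str) -> int:
    """Size of the smallest character pool covering every character used."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    size = sum(len(pool) for pool in pools if any(c in pool for c in password))
    # Characters outside those pools (e.g. '£', space) count once each.
    known = "".join(pools)
    return size + len({c for c in password if c not in known})


def seconds_to_exhaust(password: str, rate: int = GUESSES_PER_SECOND) -> int:
    """Worst-case seconds to try every string of this length over that pool.

    Integer arithmetic, so very long passwords do not overflow a float.
    This is an upper bound: dictionary guessing finds common words far sooner,
    which is why the denylist check comes first.
    """
    return alphabet_size(password) ** len(password) // rate


def check_password(password: str, min_length: int = 12) -> list[str]:
    """Return reasons to reject the password; an empty list means accept."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password denylist")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if seconds_to_exhaust(password) < CENTURY_SECONDS:
        problems.append("exhaustible in under a century at the assumed rate")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "pencil", "LFKGjsdjg3293@£$sdhfj"):
        print(candidate, seconds_to_exhaust(candidate), check_password(candidate))
```

At the assumed rate, every six-digit number is covered in 200 seconds and every six-letter lowercase word in about 17 hours, while the 21-character mixed string passes all three checks.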

On the evening of Friday 10th January 2014, Dropbox engineers accidentally deployed a software upgrade to their active data servers, bringing down Dropbox completely. While the service was partially restored within three hours, some users were still experiencing issues more than 24 hours after the initial outage. Dropbox has issued an apology and reassured users that their data is safe following the significant service outage over the weekend.

Following a high-profile password hijacking incident in 2012, Dropbox was swift to try to quell anxieties that Friday’s outage had been caused by a data violation or distributed denial of service (DDoS) attack. Instead, a software bug was to blame, and a Dropbox spokesman explained that despite running two copy “slave” machines, the bug resulted in many master machines as well as their slaves going down concurrently, producing a loss of service.

In addition, the company has developed a tool to speed up the recovery of substantial MySQL copies, which Dropbox said would be published to the open source community so others could benefit.

Dropbox had learned from this weekend’s troubles and had taken steps to ensure the bug wouldn’t be replicated. These measures include an added level of tests that require machines to locally check their state before running incoming commands, which gives machines the right to reject orders when they would create a “harmful” consequence.

As the marketplace for affordable cloud storage grows, the outage once again emphasised how important it is for cloud storage companies to keep data reachable at all times so that customer trust can be preserved. The outage also demonstrated the brittle nature of cloud storage.